cvebase

Samsung Mobile Devices vulnerabilities

374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.

Total CVEs: 374
CISA KEV: 11 (actively exploited)
Public exploits: 0
Exploited in wild: 11
Severity breakdown: CRITICAL 37, HIGH 100, MEDIUM 142, LOW 95

Vulnerabilities

Page 7 of 19
CVE-2022-33703 | P3 | HIGH | CVSS 7.8 | ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1 | 2022-07-12
CVE-2022-33703 [HIGH] CWE-20: Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
nvd
CVE-2021-25516 | P3 | HIGH | CVSS 7.5 | ≥ P(9.0), Q(10.0), R(11.0) devices with selected Exynos chipsets, < SMR Dec-2021 Release 1 | 2021-12-08
CVE-2021-25516 [HIGH] CWE-703: An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.
nvd
CVE-2022-36853 | P3 | HIGH | CVSS 7.5 | ≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 1 | 2022-09-09
CVE-2022-36853 [HIGH] CWE-20: Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information.
nvd
CVE-2022-39882 | P3 | HIGH | CVSS 7.8 | ≥ Q(10), R(11), S(12), < SMR Nov-2022 Release 1 | 2022-11-09
CVE-2022-39882 [HIGH] CWE-787: Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code.
nvd
CVE-2021-25512 | P3 | HIGH | CVSS 7.8 | ≥ P(9.0), Q(10.0), R(11.0), < SMR Dec-2021 Release 1 | 2021-12-08
CVE-2021-25512 [HIGH] CWE-20: An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.
nvd
CVE-2021-25428 | P3 | HIGH | CVSS 7.8 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR July-2021 Release 1 | 2021-07-08
CVE-2021-25428 [HIGH] CWE-269: Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.
nvd
CVE-2022-25815 | P3 | HIGH | CVSS 7.8 | ≥ Q(10), R(11), < SMR Mar-2022 Release 1 | 2022-03-10
CVE-2022-25815 [HIGH] CWE-276: PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
nvd
CVE-2021-25480 | P3 | HIGH | CVSS 7.5 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 1 | 2021-10-06
CVE-2021-25480 [HIGH] CWE-294: A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.
nvd
CVE-2021-25471 | P3 | HIGH | CVSS 7.5 | ≥ O(8.1), P(9.0), Q(10.0) devices with Exynos CP chipsets, < SMR Oct-2021 Release 1 | 2021-10-06
CVE-2021-25471 [HIGH] CWE-20: A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.
nvd
CVE-2022-39908 | P3 | HIGH | CVSS 7.4 | ≥ Q(10) and R(11) OS with libsadapter, S(12) and T(13) OS with libsthmbcadapter, < SMR Dec-2022 Release 1 | 2022-12-08
CVE-2022-39908 [HIGH] CWE-367: TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
nvd
CVE-2022-30726 | P4 | HIGH | CVSS 7.8 | ≥ S(12), < SMR Jun-2022 Release 1 | 2022-06-07
CVE-2022-30726 [HIGH] CWE-20: Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.
nvd
CVE-2021-25427 | P4 | MEDIUM | CVSS 6.5 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR July-2021 Release 1 | 2021-07-08
CVE-2021-25427 [MEDIUM] CWE-89: SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information.
nvd
CVE-2021-25470 | P4 | HIGH | CVSS 7.9 | ≥ Select P(9.0), Q(10.0), R(11.0) devices with Exynos and Mediatek chipsets, < SMR Oct-2021 Release 1 | 2021-10-06
CVE-2021-25470 [HIGH] CWE-94: An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.
nvd
CVE-2021-25410 | P4 | HIGH | CVSS 7.1 | ≥ R(11.0), < SMR JUN-2021 Release 1 | 2021-06-11
CVE-2021-25410 [HIGH] CWE-20: Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.
nvd
CVE-2022-22264 | P4 | HIGH | CVSS 7.1 | ≥ Q(10.0), R(11.0), S(12.0), < SMR Jan-2022 Release 1 | 2022-01-10
CVE-2022-22264 [HIGH] CWE-20: Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.
nvd
CVE-2021-25518 | P4 | MEDIUM | CVSS 6.7 | ≥ P(9.0), Q(10.0), R(11.0) devices with selected Exynos chipsets, < SMR Dec-2021 Release 1 | 2021-12-08
CVE-2021-25518 [MEDIUM] CWE-119: An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.
nvd
CVE-2022-28783 | P4 | HIGH | CVSS 7.1 | ≥ Q(10), R(11), S(12), < SMR May-2022 Release 1 | 2022-05-03
CVE-2022-28783 [HIGH] CWE-20: Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name.
nvd
CVE-2022-39901 | P4 | MEDIUM | CVSS 6.5 | ≥ Exynos baseband, < SMR Dec-2022 Release 1 | 2022-12-08
CVE-2022-39901 [MEDIUM] CWE-287: Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.
nvd
CVE-2021-25483 | P4 | MEDIUM | CVSS 6.5 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 1 | 2021-10-06
CVE-2021-25483 [MEDIUM] CWE-125: Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
nvd
CVE-2021-25388 | P4 | HIGH | CVSS 7.1 | ≥ R(11.0), < SMR MAY-2021 Release 1 | 2021-06-11
CVE-2021-25388 [HIGH] CWE-926: Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.
nvd